Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-427

CWE-427

Uncontrolled Search Path Element

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

1,168 vulnerabilities with CWE-427

CVE-2025-11761 HIGH

HP Client Management Script Library < 1.8.5 - Privilege Escalation via Uncontrolled Search Path

CVE-2025-60749 HIGH

Trimble SketchUp desktop 2025 - Code Injection

CVE-2025-61161 HIGH

Evope Collector <1.1.6.9.0 - Code Injection

CVE-2025-62776 HIGH

WTW EAGLE <3.0.8.0 - Code Injection

CVE-2025-10939 LOW

Keycloak < 26.4.4 - Unauthenticated Admin Path Access via Proxy Path Normalization Bypass

CVE-2025-9164 HIGH

Docker Desktop <4.48.0 - Privilege Escalation

CVE-2025-11940 HIGH

LibreWolf <143.0.4-1 - Path Traversal

CVE-2025-10581 HIGH

Lenovo PCManager < 5.1.140.9262 - Authenticated DLL Hijacking

CVE-2025-26861 HIGH

RemoteCall Remote Support Program (for Operator) < 5.3.0 - Uncontrolled Search Path Element via Crafted DLL

CVE-2025-26860 HIGH

RemoteCall Remote Support Program (for Operator) < 5.1.0 - Uncontrolled Search Path Element via Crafted DLL

CVE-2025-26859 HIGH

RemoteView PC App <6.0.2 - Code Injection

CVE-2025-57716 MEDIUM

FortiClient 7.0.0-7.4.3 - DLL Hijacking via Online Installer Installation Folder

CVE-2025-59889 HIGH

Eaton IPP software < 1.76 - Unauthenticated Remote Code Execution via Uncontrolled Search Path Element

CVE-2025-23309 HIGH

NVIDIA Display Driver - Memory Corruption

CVE-2025-32919 HIGH

Checkmk 2.1.0-2.4.0 - Privilege Escalation via Insecure Temporary Directory

CVE-2025-62185 MEDIUM

Anki < 25.02.5 - Unauthenticated Arbitrary Code Execution via Crafted Shared Deck

CVE-2025-57781 HIGH

DENSO TEN drive recorder viewer - Code Injection

CVE-2025-27237 HIGH

Zabbix Agent/Agent 2 <Windows> - Privilege Escalation

CVE-2025-11223 HIGH

Panasonic AutoDownloader <1.2.8 - Code Injection

CVE-2025-23355 MEDIUM

NVIDIA Nsight Graphics < 2025.3 - DLL Hijacking via ngfx Component

CVE-2025-59684 HIGH

DigiSign DigiSigner ONE 1.0.4.60 - DLL Hijacking

CVE-2025-11178 HIGH

Acronis True Image <build 42386 - Privilege Escalation

CVE-2025-56383 HIGH

Notepad++ 8.8.3 - DLL Hijacking via Uncontrolled Search Path

CVE-2025-9267 HIGH

Seagate Toolkit < 2.35.0.6 - Untrusted Search Path DLL Loading

CVE-2025-9844 HIGH

Salesforce CLI <2.106.6 - Buffer Overflow

Previous Page 8 of 47 Next

Details

Vulnerabilities 1,168

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy